QEMU exited from an error: Operation not permitted #4882

Closed
ideologysec opened this issue Jan 3, 2023 · 4 comments

ideologysec commented Jan 3, 2023

Describe the issue
Attempting to run QEMU virtual machines in disposable mode results in the following error:
QEMU exited from an error: qemu-aarch64-softmmu: -drive if=pflash,format=raw,unit=0,file=/Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd,readonly=on: Could not open temporary file '/var/tmp/vl.MJNYX1': Operation not permitted

This is intermittent but consistently reproducible - sometimes it is only "Run without saving changes" (which ALWAYS throws this error), but sometimes it is also when selecting "Run." The issue does not occur with 4.1.2, but does with versions 4.1.3 and 4.1.4 - I can use the same VM in 4.1.2 and it works fine, and then have it not work in 4.1.4.

This occurs with both old and new virtual machines - I've created a new VM in 4.1.4 and then immediately tried to run it in disposable mode, and the issue occurs.

This appears to be related to security-scoped bookmarks? At least according to the system log.

Configuration

  • UTM Version: 4.1.3 & 4.1.4
  • macOS Version: 13.1
  • Mac Chip (Intel, M1, ...): M1 Max

System log

default	21:08:24.911752-0800	UTM	Running:  -L /Applications/UTM.app/Contents/Resources/qemu -S -spice "unix=on,addr=/Users/user/Library/Group Containers/WDNLXAD4W8.com.utmapp.UTM/D62B83E8-8CB2-459C-82C8-689CBE5B2104.spice,disable-ticketing=on,image-compression=off,playback-compression=off,streaming-video=off,gl=on" -chardev spiceport,id=org.qemu.monitor.qmp,name=org.qemu.monitor.qmp.0 -mon chardev=org.qemu.monitor.qmp,mode=control -nodefaults -vga none -device virtio-net-pci,mac=CE:B5:E8:48:8C:21,netdev=net0 -netdev vmnet-shared,id=net0 -device virtio-ramfb-gl -cpu host -smp cpus=2,sockets=1,cores=2,threads=1 -machine virt -accel hvf -drive if=pflash,format=raw,unit=0,file=/Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd,readonly=on -drive if=pflash,unit=1,file=/Users/user/Library/Containers/com.utmapp.UTM/Data/Documents/Ubuntu-22.10.utm/Data/efi_vars.fd -m 4096 -device intel-hda -device hda-duplex -device nec-usb-xhci,id=usb-bus -device usb-tablet,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -device usb-kbd,bus=u<…>
error	21:08:24.920082-0800	kernel	Sandbox: QEMUHelper(60370) deny(1) file-write-data /Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd
default	21:08:24.920363-0800	UTM	Access bookmark failed for: /Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd
error	21:08:24.920099-0800	QEMUHelper	Could not open() the item: [1: Operation not permitted]
default	21:08:24.920270-0800	QEMUHelper	Failed to create new bookmark!
default	21:08:24.937199-0800	secinitd	QEMULauncher[60386]: root path for bundle "<private>" of main executable "<private>"
default	21:08:24.941215-0800	secinitd	QEMULauncher[60386]: AppSandbox request successful
default	21:08:24.984235-0800	QEMULauncher	Requesting container lookup; personaid = -1, type = NOPERSONA, name = <unknown>, origin [pid = 0, personaid = 0], proximate [pid = 0, personaid = 0], class = 2, identifier = <private>, group_identifier = <private>, create = 0, temp = 0, euid = 501, uid = 501
default	21:08:24.984538-0800	QEMULauncher	Query; personaid = -1, type = NOPERSONA, name = <unknown>, origin [pid = 0, personaid = 0], proximate [pid = 0, personaid = 0], euid = 501, uid = 501, query = <private>
default	21:08:24.986984-0800	QEMULauncher	container_query_get_single_result: success
default	21:08:24.987013-0800	QEMULauncher	container_create_or_lookup_for_platform: success
default	21:08:24.986800-0800	containermanagerd	Using client sandbox path [<~~~>]; metadata = <<~~~>(2);<501/20/~~/0/1001>;u38C8657D-A144-4463-AAFB-7BE830D80741;pcom.utmapp.QEMUHelper;dp0;uma(null);L0>
default	21:08:24.988070-0800	QEMULauncher	No persisted cache on this platform.
default	21:08:24.989463-0800	tccd	AUTHREQ_ATTRIBUTION: msgID=60386.1, attribution={responsible={TCCDProcess: identifier=com.utmapp.UTM, pid=60369, auid=501, euid=501, responsible_path=/Applications/UTM.app/Contents/MacOS/UTM, binary_path=/Applications/UTM.app/Contents/MacOS/UTM}, requesting={TCCDProcess: identifier=com.utmapp.QEMULauncher, pid=60386, auid=501, euid=501, binary_path=/Applications/UTM.app/Contents/XPCServices/QEMUHelper.xpc/Contents/MacOS/QEMULauncher.app/Contents/MacOS/QEMULauncher}, },
default	21:08:25.016186-0800	tccd	AUTHREQ_ATTRIBUTION: msgID=404.1754, attribution={responsible={TCCDProcess: identifier=com.utmapp.UTM, pid=60369, auid=501, euid=501, responsible_path=/Applications/UTM.app/Contents/MacOS/UTM, binary_path=/Applications/UTM.app/Contents/MacOS/UTM}, accessing={TCCDProcess: identifier=com.utmapp.QEMULauncher, pid=60386, auid=501, euid=501, binary_path=/Applications/UTM.app/Contents/XPCServices/QEMUHelper.xpc/Contents/MacOS/QEMULauncher.app/Contents/MacOS/QEMULauncher}, requesting={TCCDProcess: identifier=com.apple.WindowServer, pid=404, auid=88, euid=88, binary_path=/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer}, },
default	21:08:25.016212-0800	tccd	requestor: TCCDProcess: identifier=com.apple.WindowServer, pid=404, auid=88, euid=88, binary_path=/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer is checking access for accessor TCCDProcess: identifier=com.utmapp.QEMULauncher, pid=60386, auid=501, euid=501, binary_path=/Applications/UTM.app/Contents/XPCServices/QEMUHelper.xpc/Contents/MacOS/QEMULauncher.app/Contents/MacOS/QEMULauncher
error	21:08:25.028306-0800	kernel	Sandbox: QEMULauncher(60386) deny(1) file-write-create /private/var/tmp/vl.MJNYX1

Debug log

Running:  -L /Applications/UTM.app/Contents/Resources/qemu -S -spice "unix=on,addr=/Users/user/Library/Group Containers/WDNLXAD4W8.com.utmapp.UTM/D62B83E8-8CB2-459C-82C8-689CBE5B2104.spice,disable-ticketing=on,image-compression=off,playback-compression=off,streaming-video=off,gl=on" -chardev spiceport,id=org.qemu.monitor.qmp,name=org.qemu.monitor.qmp.0 -mon chardev=org.qemu.monitor.qmp,mode=control -nodefaults -vga none -device virtio-net-pci,mac=CA:71:B8:69:1A:77,netdev=net0 -netdev vmnet-shared,id=net0 -device virtio-gpu-gl-pci -cpu host -smp cpus=2,sockets=1,cores=2,threads=1 -machine virt -accel hvf -drive if=pflash,format=raw,unit=0,file=/Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd,readonly=on -drive if=pflash,unit=1,file=/Users/user/Library/Containers/com.utmapp.UTM/Data/Documents/Ubuntu-22.10.utm/Data/efi_vars.fd -m 4096 -device intel-hda -device hda-duplex -device nec-usb-xhci,id=usb-bus -device usb-tablet,bus=usb-bus.0 -device usb-mouse,bus=usb-bus.0 -device usb-kbd,bus=usb-bus.0 -device qemu-xhci,id=usb-controller-0 -chardev spicevmc,name=usbredir,id=usbredirchardev0 -device usb-redir,chardev=usbredirchardev0,id=usbredirdev0,bus=usb-controller-0.0 -chardev spicevmc,name=usbredir,id=usbredirchardev1 -device usb-redir,chardev=usbredirchardev1,id=usbredirdev1,bus=usb-controller-0.0 -chardev spicevmc,name=usbredir,id=usbredirchardev2 -device usb-redir,chardev=usbredirchardev2,id=usbredirdev2,bus=usb-controller-0.0 -device virtio-blk-pci,drive=drive87892535-1B63-4244-95D0-316E7816BE5C,bootindex=0 -drive if=none,media=disk,id=drive87892535-1B63-4244-95D0-316E7816BE5C,file=/Users/user/Library/Containers/com.utmapp.UTM/Data/Documents/Ubuntu-22.10.utm/Data/87892535-1B63-4244-95D0-316E7816BE5C.qcow2,discard=unmap,detect-zeroes=unmap -device virtio-serial -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 -chardev spicevmc,id=vdagent,debug=0,name=vdagent -fsdev 
local,id=virtfs0,path=/Users/user/Documents/Shared,security_model=mapped-xattr -device virtio-9p-pci,fsdev=virtfs0,mount_tag=share -name Ubuntu-22.10 -snapshot -uuid D62B83E8-8CB2-459C-82C8-689CBE5B2104 -device virtio-rng-pci
qemu-aarch64-softmmu: -drive if=pflash,format=raw,unit=0,file=/Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd,readonly=on: Could not open temporary file '/var/tmp/vl.MJNYX1': Operation not permitted

Upload VM
Sample VM Attached
config.plist.zip
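
A triage helper for the logs above, as an added example that is not part of the original issue or of UTM's code: it extracts the kernel `Sandbox: ... deny` records from the system log and matches them to the paths named in QEMU's error message. The sample lines are copied from this issue; the function names are hypothetical, and the `/private` mapping assumes macOS's standard `/var`, `/tmp` and `/etc` symlinks.

```python
import re

# Lines copied from the system log in this issue
# (tab-separated: level, timestamp, process, message).
SAMPLE_LOG = "\n".join([
    "error\t21:08:24.920082-0800\tkernel\tSandbox: QEMUHelper(60370) deny(1) file-write-data /Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd",
    "default\t21:08:24.920363-0800\tUTM\tAccess bookmark failed for: /Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd",
    "default\t21:08:24.941215-0800\tsecinitd\tQEMULauncher[60386]: AppSandbox request successful",
    "error\t21:08:25.028306-0800\tkernel\tSandbox: QEMULauncher(60386) deny(1) file-write-create /private/var/tmp/vl.MJNYX1",
])
# Error text copied from the debug log in this issue.
QEMU_ERROR = ("qemu-aarch64-softmmu: -drive if=pflash,format=raw,unit=0,"
              "file=/Applications/UTM.app/Contents/Resources/qemu/edk2-aarch64-code.fd,readonly=on: "
              "Could not open temporary file '/var/tmp/vl.MJNYX1': Operation not permitted")

DENY_RE = re.compile(
    r"Sandbox: (?P<proc>[^\s(]+)\((?P<pid>\d+)\) deny\(\d+\) (?P<op>\S+) (?P<path>.+)$")

def parse_denials(log_text):
    """Return one dict per kernel sandbox denial found in the log text."""
    denials = []
    for line in log_text.splitlines():
        fields = line.split("\t", 3)
        if len(fields) != 4 or fields[2] != "kernel":
            continue  # only the kernel emits the deny records
        m = DENY_RE.search(fields[3])
        if m:
            denials.append({"time": fields[1], "proc": m["proc"],
                            "pid": int(m["pid"]), "op": m["op"], "path": m["path"]})
    return denials

def canonical(path):
    """Map /var, /tmp and /etc to /private/..., the form the kernel logs."""
    for top in ("/var", "/tmp", "/etc"):
        if path == top or path.startswith(top + "/"):
            return "/private" + path
    return path

def paths_in_error(message):
    """Absolute paths that appear after file= or inside single quotes."""
    return [canonical(p) for p in re.findall(r"(?:'|file=)(/[^',]+)", message)]

def explain(message, log_text):
    """Sandbox denials whose path is one of the paths named in the error."""
    wanted = set(paths_in_error(message))
    return [d for d in parse_denials(log_text) if canonical(d["path"]) in wanted]

if __name__ == "__main__":
    for d in explain(QEMU_ERROR, SAMPLE_LOG):
        print(d["time"], d["proc"], d["pid"], d["op"], d["path"])
```

On this issue's data it reports both denials: the `file-write-data` on the read-only firmware image and the `file-write-create` on the temporary file, which QEMU names as `/var/tmp/...` and the kernel logs as `/private/var/tmp/...`.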

osy added this to the v4.1 milestone Jan 4, 2023
osy closed this as completed in abc9e42 Jan 4, 2023

@aowendev

Had this same problem on migrating from 4.2 to 4.3. Resolved it by cloning the VM.

youssefelhirech commented Sep 22, 2023

I also have the issue, UTM 4.3.5. It seems to be related to the shared disk. When the Mac starts from a cold boot (completely turned off and then powered on), the VM doesn't appear to have permission for the shared folder.
On a cold boot, the first run of the VM is not mounting the shared disk.

So, I need to do one of the following when a Mac is turned on (not happening in sleep mode):

  • start the Mac, start the VM, shut it down, modify the VM -> save (without making any changes) to restore permission to the shared folder.
  • Or start the Mac, modify the VM, save it (without making any changes), see the "operation not permitted" message, and then repeat the process of modifying the VM and saving it, and this time it starts with the disk mounted.

mbrennwa commented Sep 27, 2023

I have the same issue on my M2 MacBook Air with UTM 4.3.5 running Debian Linux ARM.
I observed that I can work around this issue by using a different graphics driver (non-3D).

Tinus016 commented Nov 12, 2023

I also have the issue, UTM 4.3.5. It seems to be related to the shared disk. When the Mac starts from a cold boot (completely turned off and then powered on), the VM doesn't appear to have permission for the shared folder. On a cold boot, the first run of the VM is not mounting the shared disk.

[...]

Thank you so much! You saved me a lot of time. I almost planned to reinstall.
